I want to successfully execute a command: pulumi up
that leverages AWS SDK to make API calls. Therefore, it uses AWS' CLI configurations and credentials.
Right now, I face the error:
botocore.exceptions.InvalidConfigError: The credential source "default" referenced in profile "default" is not valid.
My ~/.aws/config
is:
[default]
role_arn=arn:aws:iam::<some number>:role/<some rule>
credential_source = default
My ~/.aws/credentials
is:
[default]
aws_access_key_id = <some id>
aws_secret_access_key = <some key>
role_arn=arn:aws:iam::<some number>:role/<some rule>
If I remove credential_source
from the config file, I get:
botocore.exceptions.PartialCredentialsError: Partial credentials found in assume-role, missing: source_profile or credential_source
How do I successfully proceed beyond AWS authorization and authentication?
I think you are confusing credential_source with source_profile. Source Profile would be used to load credentials from a shared file, generally on your local. The credential source should be used to load credentials within AWS, like from a secrets store etc. These two mechanisms should be used if you wish to assume the permissions of an IAM.
Give this a read: https://docs.aws.amazon.com/sdkref/latest/guide/feature-assume-role-credentials.html